An organization is implementing a new hybrid cloud deployment and wants all employees to provide a username, password, and security token before accessing any of the cloud resources. Which type of security control is the organization leveraging for its employees?

Rationale

Background check

A background check is a security control used to assess the potential risks posed by employees before granting them access to organizational resources. This process involves verifying an individual's history, which helps the organization ensure that hiring decisions do not compromise its security.

A (Web application firewall (WAF)) YOUR ANSWER

Authentication verifies the identity of a user attempting to access resources, typically through credentials like usernames and passwords. While essential for securing systems, it does not assess the background or trustworthiness of employees prior to their employment, making it an ineffective measure for pre-hire risk assessment.

B (Access control list (ACL)) YOUR ANSWER

A WAF is a security measure designed to protect web applications by filtering and monitoring HTTP traffic. Although it plays a crucial role in safeguarding applications from web-based attacks, it does not pertain to evaluating employee backgrounds or assessing hiring risks, thus making it unrelated to the scenario presented.

C (Authentication) CORRECT

Authorization determines what resources an authenticated user can access and what actions they can perform. While important for controlling access levels based on user roles, it does not involve pre-employment checks or risk assessments of individuals, which is the focus of the security team's intention in this scenario.

Conclusion

In this context, the organization is utilizing a background check as a proactive security control to mitigate potential risks associated with new hires. This measure helps ensure that employees do not pose a threat to the organization's security before they are granted access to sensitive resources. In contrast, authentication, WAFs, and authorization operate on different aspects of security management and do not address the pre-employment risk assessment requirement.

An organization is implementing a new hybrid cloud deployment and wants all employees to provide a username, password, and security token before accessing any of the cloud resources. Which type of security control is the organization leveraging for its employees?

Background check

Related Questions

Related Quizzes

How familiar were you with this question?

Report an Issue

Rate this Practice Test